eject exploit

I was looking at traces of an eject exploit and I am puzzled about which indicators, other than a buffer overflow, can show that the attack is going on. Is it legal to perform two execve sys calls during the eject program execution? I also noticed some irregularities with stat sys call arguments and, of course, pipe and fork sys calls (but then it's too late to detect an attack). Does anybody know what other indicators of the eject exploit there are? Also, can somebody help me detect the ftp-write exploit? What are the features of the signature?